Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

New Strain of Rorschach Ransomware Targeting US- Firms

By Deeba Ahmed Rorschach ransomware boasts advanced encryption technology and can spread automatically on the machine if executed on a domain controller.  This is a post from HackRead.com Read the original post: New Strain of Rorschach Ransomware Targeting US- Firms

HackRead
Open in Source
#mac#windows#amazon#linux#chrome
CVE-2023-1856: bug_report/SQLi-1.md at main · Hackergrave/bug_report

A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224995.

15M+ Services & Apps Remain Sitting Ducks for Known Exploits

Scans of the Internet find that millions of computers, virtual machines, and containers are vulnerable to one or more of the hundreds of cyberattacks currently used in the wild, despite being patchable.

What RASP Should Have Been

When runtime application self-protection is held to a higher standard, it can secure thousands of applications and prevent burnout in security teams.

CVE-2023-26777: Script tag in Footer Text breaks window.preloadData at Status Page · Issue #2186 · louislam/uptime-kuma

Cross Site Scripting vulnerability found in :ouislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint.

CVE-2020-21514: There is a remote command execution vulnerability on version 0.12-1.0 · Issue #295 · fluent/fluentd-ui

An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 allows attackers to gain escilated privlidges and execute arbitrary code due to a default password.

CVE-2023-27759: Wondershare Edrawmind Untrusted Search Path Vulnerability · Issue #8 · liong007/Wondershare

An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file.

CVE-2020-19699: kiftd 一款开源、完善、便捷的个人网盘搭建系统

Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the <ifram> tag in the upload file page.

Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that's both sophisticated and fast. "What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware," Check Point Research said in a new report. "In fact, Rorschach is one

CVE-2023-25305: Five vulnerabilities found in mrpack installer implementations

PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.